funsec mailing list archives

HDM on the (not so) recent MS Visual Studio 2003 'sploit


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 2 Nov 2006 23:32:21 -0500

from: http://dudevanwinkle.blogspot.com/
----------------------------------
The MS06-014 bug was just one instance of a pretty common vulnerability in
ActiveX Objects. Some objects expose a method that allows new objects to
be created through them. If any of these objects are marked as safe for
scripting, it's possible to create arbitrary COM instances through
a 'safe' object (leading to pwnage).

I went to write the MS06-014 exploit and realized I had a bunch of other
ways to exploit the same type of flaw. I added the WMI bug to the list
and then followed it by a set of usually-restricted COMs that have the
same feature. If the system is misconfigured or is using an old version
of Office, almost any of those 'targets' in the exploit can be used to
run arbitrary code :-)

------------------------------------
-JP<'nother shameless plug>
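An added audit script, not part of the original post or HDM's code, that lists the COM classes registered as "Safe for Scripting" on a Windows host and reports which of them lack Internet Explorer's per-CLSID kill bit (the Compatibility Flags 0x400 mitigation Microsoft uses to block scriptable instantiation of a control). It assumes read access to HKCR and HKLM; the category GUID and flag value are the documented constants.

```powershell
# Added example (not from the original post): audit ActiveX objects marked
# Safe for Scripting and show whether IE's kill bit is set for each.
# Assumptions: Windows, PowerShell with the Registry provider, read access
# to HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE.

$CatidSafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForScripting
$KillBit    = 0x400                                                  # COMPAT_DISABLE_CONTROL bit
$CompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-SafeForScriptingAudit {
    # HKCR: is not mapped as a drive by default; map it once.
    if (-not (Test-Path 'HKCR:\')) {
        New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
    }

    Get-ChildItem 'HKCR:\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid   = $_.PSChildName
        $catPath = "HKCR:\CLSID\$clsid\Implemented Categories\$CatidSafeForScripting"
        if (-not (Test-Path $catPath)) { return }   # not marked safe for scripting

        # Friendly name is the key's default value (may be absent).
        $name  = (Get-ItemProperty -Path "HKCR:\CLSID\$clsid" -ErrorAction SilentlyContinue).'(default)'
        $flags = 0
        $compatKey = "$CompatRoot\$clsid"
        if (Test-Path $compatKey) {
            $v = (Get-ItemProperty -Path $compatKey -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -ne $v) { $flags = [int]$v }
        }

        [pscustomobject]@{
            CLSID      = $clsid
            Name       = $name
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}

# Objects a script in the browser can still instantiate: safe-for-scripting, no kill bit.
Get-SafeForScriptingAudit |
    Where-Object { -not $_.KillBitSet } |
    Sort-Object Name |
    Format-Table -AutoSize
```

Entries in the output that expose object-creation methods are the ones worth kill-bitting or removing; the script only reports registration state and does not attempt to instantiate anything.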
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
